In May of last year, the 5+ million install WordPress plugin Really Simple SSL added a feature for detection of known vulnerabilities in WordPress plugins. That seems to be unrelated to what is supposed to be the focus on the Continue reading Eight Months In, Really Simple SSL’s Plugin Vulnerability Data is Claiming That Unfixed Vulnerabilities Have Been Fixed
While working on a security review of a WordPress plugin, we ran across miss-usage of a WordPress security function, esc_url_raw(). While looking to see if this was a wider issue, we found that a 5+ million install security plugin is Continue reading Confusion Over Proper Usage of esc_url_raw() Includes Developers of 1+ and 5+ Million Install WordPress Security Plugins
As we noted in a post last week, the Really Simple SSL WordPress plugin became popular, with 5+ million installs, as a simple WordPress plugin and then the developer started bloating it with unrelated features. One of those was adding Continue reading Poor Security of Really Simple SSL Permits Anyone to See What Known Vulnerabilities Are on a Website
The Really Simple SSL plugin became popular, with 5+ million installs, as a simple WordPress plugin and then the developer started bloating it with unrelated features. One of those was adding plugin vulnerability alerts. They recently explained doing that this Continue reading Really Simple SSL Plugin Is Falsely Claiming That WordPress Plugins Contain Vulnerabilities